So I took the SSCP exam today..

G.Hayduke

..and I thought of offering some unsolicited advice for anyone who's interested in getting this certification. First of all, I followed the advice I found in these forums (thank you guys) regarding the study material and used the following resources to prepare for the exam (from most to least used):

• Darril Gibson’s SSCP All in One Exam Guide - 2011 Edition: despite the not-so-uncommon typos and content errors, it’s a surprisingly informative and easy to read book. The material is presented in a clear, practical, and easy to absorb fashion; which is something that you’ll immediately notice if you’re also reading the “Official Guide to the SSCP” (which in comparison seems cryptic and dense). The book is divided into 14 chapters and is not difficult to read 1 per day, which I found to be a quite comfortable pace. That being said, there’s some material that you’ll most likely encounter on the exam that isn’t covered in this book, so it’s important not to rely on it 100%. I also thought that the review questions at the end of each chapter where rather simple compared to the real ones, and this is rather dangerous since it might lead you to have a false sense of security about your real knowledge of the material. I constantly scored 90~100% percent in these sections, and I’m sure the score I got on the real exam wasn’t as high.

• Official (ISC)2 Guide to the SSCP CBK - 2nd Edition: Oh. God. This book made me hate studying for this exam. Since I wasn’t going to be able to go through the whole book from cover to cover (as I did with DG's guide - twice) due to time constraints, I decided to first do the review questions at the end of each chapter and then focus on my weak points. This is where I started to worry. There were a lot of topics that I had no idea where even part of the SSCP CBK. So far I considered crypto to be my strongest domain, and to my surprise it was there where I did the worst. For example, all the operation modes of block ciphers are not covered at all in DG’s exam guide, and in this book they are extensively covered. This was 4 days ago, so I started panicking a little since the exam date was close and I wasn’t in such a good stance as I had previously thought. I don’t know if it was the fact that most of the time I was reading this book late at night, often after long days, but I found it very difficult to digest. The writing style varies wildly from chapter to chapter, so there are some chapters that aren't such a pain to read, while others are just plain dense and boring. For example, in the Malware chapter you get to learn a little bit about the history of the first worms, viruses, their authors, their motivations, if they were caught or not, etc.. Even if this isn’t something you’ll likely encounter in the exam, it makes the book easier to read and the material easier to remember (at least for me). On the other hand, take the first chapter's definition of a subject: “An access control subject is an active entity and can be any user, program, or process that requests permission to cause data to flow from an access control object to the access control subject or between access control objects“ (Wat?). Now compare it with DG’s guide definition: “A subject access a resource, and an object is the resource being accessed” - that's it, that’s all you need to know right there, the rest is just reading well and reasoning the questions you’re being asked.

• (ISC)2 SSCP Webcasts: I think I haven't event finished receiving them in my inbox. I gave up on these after I watched the first 2. They barely scratch the surface, but then again they aren't meant to be your main resource. I guess they are more of a marketing tool for the formal (ISC)2 training. That being said, I think they are good to watch as an introduction to each domain and nothing more.

About the exam itself: you'll get some questions that seem to be specially worded to confuse you. So read well. Then re-read them. I went over some questions 3, 4 or more times. There's plenty of time so don't worry about spending more than a few minutes in each question. Then there are some other questions that I'm pretty sure weren't covered in any of those 2 books I mentioned. I remember one in special regarding a VoIP protocol that I could only answer because I've worked implementing the technology. But maybe it was one of those "test" questions. Go figure. Other than that, general networking knowledge will definitely work in your favour (solid knowledge of the OSI model, well known ports, protocols, WAN technologies, etc..).


Overall it's not such a difficult exam, but it's definitely not to be underestimated just because you have some infosec/ networking knowledge. That being said, I passed

Hope this is of any use to someone. I've got a lot out of this community as a lurker, and I just recently decided to register to give back whatever I can.

Cheers.

jvrlopez

Good job!

Thanks for the write up on the study resources.

Any plans for after SSCP?

G.Hayduke

jvrlopez wrote: »

Good job!

Thanks for the write up on the study resources.

Any plans for after SSCP?

Thanks for reading! I'm already taking the eLearnSecurity course leading to the eCPPT cert. That will keep me busy for at least the first months of 2014 I suppose. But the short term plan is relax and enjoy the christmas break

j.petrov

Congrats on the pass.

zxshockaxz

Congrats man! Sounds like were taking similar paths lol

acomo

congratulations mate.

loun80

Big congrats on the pass! Also, thank you for the info! I have the exam in a couple weeks. Can you tell us what else was not covered in the AIO but was in the official guide?

G.Hayduke

loun80 wrote: »

Big congrats on the pass! Also, thank you for the info! I have the exam in a couple weeks. Can you tell us what else was not covered in the AIO but was in the official guide?

The sub-categories of Discretionary Access Controls, naming conventions on malware, and secure software development methods are a few I can remember. But don't get me wrong, the material in both books is pretty much the same, the difference is that the (ISC)2 official guide goes more into detail in certain topics (the Kerberos ticket granting process is one). I'd strongly recommend reading the All in One guide from cover to cover (more than once if you have the time), and then filling some knowledge gaps with the (ISC)2 guide. You definitely don't need to read it all to pass the exam. There's people in here that has passed the SSCP exam using only the All in One guide, but personally I wouldn't risk it.

One thing the people who created the exam did well is that the questions are more "concept" centric. That is, most of the time you don't need to rely as much on your memory, but on the understanding of the concepts and their practical application. You'll be presented with scenarios and asked what would be the BEST answer (there might be more than one correct answer, but one of them is optimal). So, learning the detailed use of the technologies, protocols, frameworks, whatever, in the way the (ISC)2 guide presents them might not be that helpful. Specially if you're under a time constraint. Bottom line: read the AIO guide, focus on understanding concepts, don't worry too much on the details.

Oh and take the practice tests that come with the AIO guide.

Hope it helps. Good luck!

JDMurray

Congratulations on your pass!

I just want to throw out a few of my thoughts:

G.Hayduke wrote:

I also thought that the review questions at the end of each chapter where rather simple compared to the real ones, and this is rather dangerous since it might lead you to have a false sense of security about your real knowledge of the material.

Many people make the erroneous assumption the quizzes appearing at the end of study guide chapters are an accurate representation of the style and format of actual exam questions. In fact, chapter quizzes are only meant to test the reader's understanding of the chapter's information and nothing else. I think you'll find that no where in DG's book does he state that the chapter quizzes are an example of the items the reader will see on the actual SSCP exam. Therefore, getting a high score on chapter quiz questions should never be taken as a sign that the candidate is ready to take an exam.

G.Hayduke wrote:

There were a lot of topics that I had no idea where even part of the SSCP CBK.

The SSCP Candidate Information Bulletin is the first and last word on what objectives are covered in the SSCP exam. No single study guide covers them all.

G.Hayduke wrote:

Oh. God. This book made me hate studying for this exam.

Yes, a very common reaction to the 2nd edition (yellow cover). The 3rd edition (green cover) is a better read (IMHO), but not by much.

G.Hayduke wrote:

On the other hand, take the first chapter's definition of a subject:

My major complaint with the (ISC)2's SSCP Study Guide is that it is not written for the level of what the (ISC)2 sees as a typical SSCP exam candidate (i.e., just out of college with one year or less of InfoSec work experience). The (ISC)2 doesn't seem to target to the vocational (non-academic), blue collar IT worker that also needs InfoSec certification. It seems that the Security+ cert has completely scooped-up that market.

I also want to mention that the (ISC)2 Webcasts and SANS Webcasts are archived at their respective sites, so you don't have to register to watch them live. They contain a lot of great information.

G.Hayduke

@ JDMurray,

Thanks for the input. You're right about the end of chapter questions in DG's guide, but regardless if they're an accurate representation of the exam questions or not, I still found them a little bit too simplistic and easy to answer. If you look at the end of chapter questions of the (ISC)2 guide, they're much more harder. I just think that these questions should be harder, because the ones on the exam are. But that's just my opinion of course.

Also about the SSCP Candidate Information Bulletin, I have to be honest and say I didn't even looked at it. So good advice in there too for the rest of the people here who's going to go after this cert

loun80

JDMurray wrote: »

Congratulations on your pass!
The SSCP Candidate Information Bulletin is the first and last word on what objectives are covered in the SSCP exam. No single study guide covers them all.

That's really unfair of (ISC)2.

JDMurray

Well, then every certification vendor (Microsoft, Cisco, CompTIA, SANS/GIAC, etc.) is unfair. It doesn't take a score of 100% to pass any cert exam that I know of, and there's no harm in learning stuff that you don't see on your cert exam.